The present application relates to systems, devices and methods for implementing hardware-based security by using charged particle beam tools to differently write different encryption keys to different integrated circuits (ICs); and more particularly to writing in interconnects one or more unique encryption keys per one or more cores in ICs, and obfuscating locations of interconnects and related circuits used to implement individual bits of encryption keys and other IC-specific data within individual ICs and across runs of same-design ICs.
Note that the points discussed below may reflect the hindsight gained from the disclosed inventions, and are not necessarily admitted to be prior art.
Security software plays important roles defending against device hacking and cyber intrusion. Software has been deployed at multiple levels of communication networks to secure data centers (“the cloud”), Internet links, gateways, and individual devices. Antivirus, anti-malware, and firewall software also provide some protection against cyberattacks. However, networks and devices are safe only until attackers find ways around the defense.
The strength of encryption systems used to protect electronics systems, networks, and infrastructure depends on unique, unpredictable keys. Reliance on user-generated passwords (which are typically neither unique nor unpredictable) or on cryptographic keys generated by software (which might be subverted, sidestepped, or compromised) has not prevented wide-scale data theft, eavesdropping, hijacking of systems (e.g., “ransomware”), and other “cyber” crime. Use of compromised non-traditional internet-connected computing platforms (which typically are produced with minimal security)—the “Internet of Things” (IoT)—as attack vectors poses a large-scale threat to connected infrastructure, and emphasizes the need for effective and ubiquitous security implementation.
Software coding errors, bugs, design errors, unforeseen code interactions, and other software flaws are both typical and often give rise to significant vulnerabilities. Vulnerabilities are also frequently introduced deliberately, e.g., “backdoors” required by software providers to access users' software for updates, bug fixes, debugging, and other useful or valuable (or other) purposes. Finding or effectively obfuscating such vulnerabilities is generally expensive and time consuming, and therefore generally more difficult to perform effectively for an individual (thus, limited) entity than for the widely distributed community of entities with interests opposed to strong security (e.g., overtly criminal entities, adverse nation-state-sponsored actors, and other “black hats”).
Hardware-embedded security can be used to fortify cyber defense and avoid or remedy many of the problems with software-based security. Hardware-embedded security can be implemented using integrated circuit (IC) personalization to physically instantiate chip-specific (unique) and unpredictable security keys. However, most ICs are patterned using optical lithography, which is not generally conducive to per-IC customizable design.
In optical lithography, patterning a circuit layer is done through a photomask (mask) in cookie-cutter fashion. Chips patterned using the same mask set are identical. This is a big benefit in volume production. However, a mask set generally costs weeks and millions of dollars to manufacture, and the design layout expressed through the mask is static, not intrinsically enabling embedding chip-specific information during fabrication.
Because photo-mask information is fixed, all chips of a given design on a wafer receive the same pattern from optical lithography. Commercial-scale batches of ICs are generally produced such that most or all ICs in the batch are effectively identical to one or more (frequently all) other ICs in the batch at the time when IC fabrication is completed. IC personalization for security generally either happens after fabrication, or not at all.
Hardware solutions for IC personalization include fuse-programmable integrated circuits, antifuses, Flash memory and physically unclonable functions (“PUFs”). These approaches do not embed chip-specific information in interconnects within the IC.
Generally, in the fuse-programmable integrated circuit approach, after ICs are produced, encrypted information is written on each individual IC to enhance security. But the fusing operation is typically outsourced and the data to be written is exposed to potential access by, or through vulnerabilities in the systems and operations of, the third party performing the fusing operation (typically the post-fabrication test operator). As a result, trust and security can be compromised. (Third party security issues can be avoided in the case of integrated device manufacturers (“IDMs”), where all steps from design to fabrication (fab) to test to packaging are performed and controlled by the IDM; but IDMs tend to be a minority of device producers.) Apple's Secure Enclave is an example of a fuse-programmable approach to hardware-embedded information unique to each IC, and is disclosed in U.S. Pat. No. 8,832,465, which is incorporated herein by reference.
Antifuses are programmed by selectively inducing short circuits between metal interconnect layers in a chip. Antifuses are typically buried under several metal layers and therefore generally have better physical security than eFuses. However, antifuses tend to be easily identifiable after chip package removal due to their grid-like layout and the large nearby driver circuits used for programming the antifuses. The programming is typically done outside the fab by a third party, similar to fuse-programmable ICs. Also, antifuses generally require custom fab processing.
Though Flash memories are often described or advertised as non-volatile, Flash memories generally have data retention times of about five to ten years (or less). This may be acceptable for short-lived consumer products, but it is likely inadequate for some types of IoT (Internet of Things) or PLC (Programmable Logic Controller) devices that are connected to or are integral parts of critical infrastructure. Data in Flash is also generally visible external to the IC on which it is written, making the data vulnerable to external access and/or manipulation.
A physical unclonable function (PUF) establishes a data string which depends upon partially random physical characteristics of an IC. The physical characteristics are caused by variations during the manufacturing of the IC. Process variations during IC manufacturing are both unavoidable and difficult to reproduce. Thus, in principle, PUFs can be used to establish unique, unreproducible data strings for each IC. However, the contents of a PUF cannot be predetermined, and PUF responses are somewhat noisy. Furthermore, PUF responses may change with temperature or time, or may be read from, or derived from, memory. An example of a PUF is a volatile memory which at power-up has contents that depend on the partially random physical characteristics of the memory. Manufacturing variations lead to different physical characteristics for different memories. See, e.g., U.S. Pat. App. Publ. 20140325237, which is incorporated herein by reference.
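As an added illustration (not part of this application, and not a description of any particular product or of the cited publication), the following Python simulates the power-up SRAM PUF just described and goes one step beyond the text: it shows why the noise matters and how a standard code-offset fuzzy extractor with a repetition code turns the noisy, chip-specific response into a key that reproduces exactly across power-ups. The per-cell bias model, the noise level, the repetition length and the use of SHA-256 as the final key-derivation step are all constructed assumptions for illustration.

```python
"""Simulated SRAM power-up PUF plus a repetition-code fuzzy extractor.

Constructed example: the bias model, noise, block length and SHA-256 step are
assumptions chosen for illustration, not a model of any real device."""
import hashlib
import random

N_CELLS = 256            # SRAM cells read at power-up (constructed size)
REP = 7                  # repetition-code length per key bit
T = (REP - 1) // 2       # flips per block the decoder can correct (3)


def make_chip(seed):
    """Model manufacturing variation as a fixed per-cell probability of powering up as 1.

    A chip built from a different seed has an unrelated bias pattern (uniqueness);
    the same chip keeps its pattern for life (reproducibility, up to noise)."""
    rng = random.Random(seed)
    biases = []
    for _ in range(N_CELLS):
        r = rng.random()
        if r < 0.05:
            biases.append(0.50)   # metastable cell: comes up 0 or 1 unpredictably
        elif r < 0.525:
            biases.append(0.01)   # strongly prefers 0
        else:
            biases.append(0.99)   # strongly prefers 1
    return biases


def power_up(biases, rng):
    """One power-up read: each cell comes up 1 with its own bias probability."""
    return [1 if rng.random() < b else 0 for b in biases]


def hamming(a, b):
    """Number of positions in which two bit lists differ."""
    return sum(x != y for x, y in zip(a, b))


def _majority(block):
    return 1 if sum(block) * 2 > len(block) else 0


def _key_from_bits(bits):
    # Hash the corrected response so the key is uniform even if raw cells are biased.
    return hashlib.sha256(bytes(bits)).hexdigest()


def enroll(response, rng):
    """Enrolment (done once): returns (key, helper_data).

    Code-offset construction: choose a random codeword (each random bit repeated
    REP times) and publish helper = response XOR codeword. The helper can live in
    ordinary off-chip storage; with a plain repetition code it leaks some information
    about the response, which is why production designs use stronger codes and more
    cells than the key length."""
    n_blocks = len(response) // REP
    codeword = []
    for _ in range(n_blocks):
        codeword += [rng.getrandbits(1)] * REP
    usable = response[: n_blocks * REP]
    helper = [r ^ c for r, c in zip(usable, codeword)]
    return _key_from_bits(usable), helper


def reproduce(noisy_response, helper):
    """Key reproduction at every later power-up: remove the helper, majority-decode
    each block to a clean codeword, add the helper back to recover the exact enrolment
    response, and re-derive the same key."""
    usable = noisy_response[: len(helper)]
    noisy_codeword = [r ^ h for r, h in zip(usable, helper)]
    clean_codeword = []
    for i in range(0, len(helper), REP):
        clean_codeword += [_majority(noisy_codeword[i:i + REP])] * REP
    corrected = [c ^ h for c, h in zip(clean_codeword, helper)]
    return _key_from_bits(corrected)


def perturb(response, flips_per_block):
    """Deterministic noise for testing: flip the first `flips_per_block` bits of every block."""
    out = list(response)
    for i in range(0, (len(out) // REP) * REP, REP):
        for j in range(flips_per_block):
            out[i + j] ^= 1
    return out


if __name__ == "__main__":
    chip = make_chip(seed=1)
    rng = random.Random(2024)
    r0 = power_up(chip, rng)
    r1 = power_up(chip, rng)
    print("cells that flipped between two power-ups:", hamming(r0, r1), "of", N_CELLS)
    key, helper = enroll(r0, rng)
    print("same key after noisy power-up:", reproduce(r1, helper) == key)
    other = power_up(make_chip(seed=2), rng)
    print("other chip reproduces this key:", reproduce(other, helper) == key)
```

The two failure modes the paragraph names are both visible here: the raw response is never identical twice (that is what `hamming` counts), and a different chip fed the same helper data decodes to a different key. Raising the noise beyond what the repetition code can correct (`perturb` with more than `T` flips per block) makes reproduction fail, which is the trade-off a real design balances with code strength and cell count.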
Generally, previous hardware-related security efforts have focused on chip-to-chip security protocols that involve hardware and/or software segmentation (compartmentalizing security of individual or groups of ICs with respect to other individual or groups of ICs) that protects chips interfacing with an external bus or other inter-device communications architecture. Such segmentation has typically involved splitting individual or groups of (for example) different devices, computer network portions or layers, or memories or memory contents or memory address spaces, into separate segments each able to have its own set of access permissions.